Secure device authentication system and method

ABSTRACT

A technique for security and authentication on block-based media includes involves the use of protected keys, providing authentication and encryption primitives. A system according to the technique may include a secure device having a security kernel with protected keys. A disk drive security mechanism may support authentication of data, secrecy, and ticket validation using the security kernel and, for example, a ticket services module (e.g., a shared service that may or may not be used by other storage devices like flash).

This application claims priority to U.S. Provisional Application No.60/852,151, entitled SECURE DEVICE AUTHENTICATION SYSTEM AND METHOD,filed Oct. 16, 2006, which is hereby incorporated by reference in itsentirety.

BACKGROUND

Authentication and other security issues are currently areas ofextensive research and development, both theoretical and practical. Onefield of endeavor is the authentication of data on a DVD or comparabletechnology, which may or may not include CDs and new DVD technologies,but is typically applicable across DVD technologies due to thesimilarities between DVD technologies. With DVDs, CDs, and other freelydistributable media disks, the authentication has to be particularlystrong (e.g., use a cryptographic method).

Disk-based media are typically block-based devices. So the access timeof block data and the computation time of any cryptographic algorithmused should meet the specifications of a system on which the disk-basedmedia are used. Moreover, the contents could sometimes be encrypted forsecrecy. Other considerations for secure device secrecy and authenticitytechniques for disk-based media include that the technique shouldsupport a read-only medium, should support mass production of disks (notrequiring custom or unique data on each disk), and the additional datastored on the disk for authentication should only impose a reasonableoverhead.

Some efforts to meet these requirements have been proposed, but, as isthe case with many solutions in secrecy and authentication techniques,there is room for improvement. For example, one could attach a blocksignature based on public key cryptography (example, RSA signature), butthis is relatively slow since every block of data that is read wouldrequire an RSA signature calculation. Besides, the size of an RSAsignature for every block would impose a relatively high overhead. Asanother example, one could attach a SHA hash (or equivalent) for everyblock written in a custom protected area of disk, but this would requirethe manufacture of custom disks. As another example, one could attach asecret-key based message authentication code such as HMAC (orequivalent) for each block, but if the HMAC has to be the same for alldisks, this becomes a common secret key mechanism, which may not providea desired level of security. As another example, one could use ahierarchical signature approach that requires multiple seeks of theblock device for every block access, to read the members of thehierarchy, but this may lead to increased latency.

The foregoing examples of the related art and limitations relatedtherewith are intended to be illustrative and not exclusive. Otherlimitations of the related art will become apparent to those of skill inthe art upon a reading of the specification and a study of the drawings.

SUMMARY

The following embodiments and aspects thereof are described andillustrated in conjunction with systems, tools, and methods that aremeant to be exemplary and illustrative, not limiting in scope. Invarious embodiments, one or more of the above-described problems havebeen reduced or eliminated, while other embodiments are directed toother improvements.

A technique for security and authentication on block-based mediaincludes involves the use of protected keys, providing authenticationand encryption primitives. A system according to the technique mayinclude a secure device having a security kernel with protected keys. Adisk drive security mechanism may support authentication of data,secrecy, and ticket validation using the security kernel and, forexample, a ticket services module (e.g., a shared service that may ormay not be used by other storage devices like flash). Depending upon theimplementation, the security kernel, disk drive security mechanism, andticket services module may operate in three different execution spaces,and can be commonly used by various I/O and storage devices including,by way of example but not limitation, an optical disk.

In a non-limiting embodiment, the block-based media is read-only, butthe technique may be applicable on write once, read many (WORM),writable, or other block-based media. The technique may also beapplicable to other storage media, other licensing mechanisms leading toalternate methods to derive the encryption key, and/or other transportmedia (for example, Internet packet-based download.

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments of the inventions are illustrated in the figures. However,the embodiments and figures are illustrative rather than limiting; theyprovide examples of the invention.

FIG. 1 depicts an example of a binary tree structure associated with ahierarchical hashing technique.

FIG. 2 depicts a non-binary tree structure associated with ahierarchical hashing technique.

FIG. 3 depicts an example of a 32 KB block.

FIG. 4 depicts a computer system suitable for implementation of thetechniques described above with reference to FIGS. 1-3.

FIG. 5 depicts an example of a secure system suitable for implementationof the techniques described above with reference to FIGS. 1-3.

FIGS. 6A and 6B depict a flowchart of an example of a method for secureblock-based media access.

FIGS. 7A, 7B, and 7C depict a flowchart 700 of an alternative method forsecure block-based media access.

DETAILED DESCRIPTION

In the following description, several specific details are presented toprovide a thorough understanding of embodiments of the invention. Oneskilled in the relevant art will recognize, however, that the inventioncan be practiced without one or more of the specific details, or incombination with other components, etc. In other instances, well-knownimplementations or operations are not shown or described in detail toavoid obscuring aspects of various embodiments, of the invention.

FIG. 1 depicts an example of a binary tree structure 100 associated witha hierarchical hashing technique. The notation is as used in U.S. Pat.No. 4,309,569 entitled “Method of Providing Digital Signatures,” whichwas issued Jan. 5, 1982 to Merkle, and which is incorporated herein byreference. A set of data blocks {Y₁ . . . Y_(k) . . . Y_(n)}, 1<=k<=n,are to be authenticated. In the example of FIG. 1, n=8. A block Y_(k) isauthenticated using Y_(k), and a set of values H(i, j, Y). A transmittedblock Y_(k) and a corresponding set of values H(i, j, Y) can beindependently used to establish the authenticity of Y_(k). H(i, j, k) isdefined as:H(i,i,Y)=F(Y _(i))H(i,j,Y)=F(H(i,(i+j−1)/2,Y),H((i+j+1)/2,j,Y)),where F(Y_(i)) is a one-way function such as SHA-1. It follows that H(i,j, Y) is a one-way function of Y_(i), Y_(i+1), . . . Y_(j), and H(1, n,Y) is a one-way function of Y₁ through Y_(n). Thus, the receiver canselectively authenticate Y_(k) and a set of values of H.

In order to trust the root value, H(1,8,Y), of the binary tree structure100, it should be possible to obtain, for example, a public key-basedcryptographic signature (e.g., a RSA signature) against the value. Thesignature can be validated with appropriate certificate chain validationup to a trusted root key. However, any applicable known or convenientsecurity mechanism could be used for the purpose of establishing trust.

In the example of FIG. 1, in order to authenticate Y₅, it is necessaryto have a trusted H(1, 8, Y) and receive H(6, 6, Y), H(7, 8, Y), andH(1, 4, Y). H(5,6,Y) and H(5,8,Y) can be derived. For illustrativepurposes, these boxes are shaded in FIG. 1, the boxes representing thederivative values have dashed lines, the H(5,5,Y) is the target ofvalidation and is represented in a block surrounded by a heavy line, andthe root, H(1,8,Y) is surrounded by both dashed an unbroken lines torepresent that H(1,8,Y) is both received and derived. For authenticationto succeed, the received and derived values of H(1,8,Y) must match.Values associated with the unshaded boxes need not be known toauthenticate Y₅.

In the example of FIG. 1, the target, H(5,5,Y), and a first one of thereceived values, H(6,6,Y), together can be used to derive H(5,6,Y) usingthe definition of H(i,j,k) above. The derived value, H(5,6,Y), and asecond one of the received values, H(7,8,Y), can be used to deriveH(5,8,Y). The derived value, H(5,8,Y), and a third one of the receivedvalues, H(1,4,Y) can be used to derive the root H(1,8,Y). H(1,8,Y) wasalso a fourth received value. If the derived and received values ofH(1,8,Y) match, then H(5,5,Y) is authenticated, assuming the fourthreceived value is trusted.

Groups of H( ) values belonging to different levels of the binary treestructure 100 can be denoted by their level in the hierarchy. Forexample:

H3:=H(1,8,Y)

H2:=values from {H(1,4,Y), H(5,8,Y)}

H1:=values from {H(1,2,Y), H(3,4,Y), H(5,6,Y), . . . }

H0:=values from {H(1,1,Y), H(2,2,Y), H(3,3,Y), . . . }

Thus H0 hashes refer to hashes of data blocks Y₁, Y₂, etc., the leafnodes of the binary tree structure 100. The structure of a tree may bedefined by the number of levels in the hierarchy and the number ofchildren for each node in the tree structure.

The technique described with reference to FIG. 1 can be extended toother non-binary tree structures. The choice of structure may begoverned by, by way of example but not limitation, the resulting sizesof data block and authentication data required to authenticate a block;the number of one-way hash function (e.g., SHA-1) calculations tosatisfy the desired data read rate from the device; the need to minimizeseeks and have the authentication data available as a side-effect ofreading the data or in other ways minimize the read overhead for theauthentication data; the maximum size of data that has to be covered bythe tree.

FIG. 2 depicts a non-binary tree structure 200 associated with ahierarchical hashing technique. The structure of the tree chosen for theexample of FIG. 2 is one that satisfies the above requirements for ablock-based media device, such as a DVD disk, and leads to a placementof the H0, H1 . . . values along with data blocks Y₁, Y₂ etc on thedevice.

In the example of FIG. 2, the H0 hashes 202 are chosen as H(1,1,Y),H(2,2,Y) etc., where each H0 hash covers one 1K data block. The datablock size is chosen to be 1K bytes, but could be of any convenientsize.

In the example of FIG. 2, the H1 hashes of the non-binary tree structure200 are chosen as H(1,31,Y), H(32,62,Y) etc. That is, in the example ofFIG. 2, each H1 covers 31 blocks of data. In other implementations,rather than 31 blocks of data, any convenient number of blocks could beused instead. The 31 blocks of data conform to a data block illustratedby way of example but not limitation in FIG. 3.

FIG. 3 depicts an example of a 32 KB block 300. The 32 KB block 300includes a hash block 302 and 31 1 KB data blocks 304. The hash blockinclude hashes and padding, which are described later. Depending uponthe implementation, the 31 1 KB data blocks 304 could be preceded by orinterleaved with the hash block 302 and stored together in the 32 KBblock 300 on, for example, a DVD disk.

Referring once again to the example of FIG. 2, the H2 hashes are chosenas follows: H(1,31*8,Y), H(31*8+1, 31*2*8,Y) etc. That is, each H2 hashcovers 31*8 blocks of data. This translates to each H2 node having 8children in H1. In this example, the multiplicand is an ‘8’, however anyconvenient number could be chosen. Increasing the multiplicand has theeffect of decreasing the number of nodes in H3 (unless acounterbalancing action is taken), while decreasing the multiplicandwill have the opposite effect.

The H3 hashes are chosen as H(1,31*8*8, Y), H(31*8*8+1,31*2*8*8, Y) etc.That is, each H3 hash covers 31*8*8 blocks of data. This translates toeach H3 node having 8 children in H2. In this example, the multiplicandis an ‘8’, however any convenient number could be chosen. In anon-limiting embodiment, the number of H3 hashes is chosen to cover themaximum size of the data covered by the authentication mechanism. Forexample, 4182 hashes may be used in a 9.4G implementation, while 768hashes may be used in a 1.5 G implementation. In the example of FIG. 2,the non-binary tree structure 200 includes n hashes, which is intendedto be a generalization for any size block-based media device with theparameters indicated for this example.

A final H4 hash (the root of the tree hierarchy) is a signed value, andis signed by using known or convenient public key signature methods in asecure server authorized to publish the content data. The size of thecontent may or may not be arbitrary. In order to compute values of thehierarchy the additional content blocks or hash values may be padded asrandom bytes. The techniques described with reference to FIG. 2 can beused with DVD blocks, or extended to other applications.

Referring once again to FIG. 3, the hash block 302, which is subdivided,in this example, into 31 H0 hashes and padding 310, 8 H1 hashes andpadding 312, and 8 H2 hashes and padding 314.

A header (not shown), such as a disk header, would typically be includedwith the 32 KB block 300. The header may be prepended, appended, orotherwise included with the block of data. In a non-limiting embodiment,the header includes the H4 hash and the relevant H3 hash (see, e.g.,FIG. 2). In an alternative embodiment the relevant H3 could be derivedfrom all 8 of the H2 hashes, and would not have to be provided, thoughthis may require accessing data from the whole block-based device.

In a non-limiting embodiment, the header may include a signed datastructure called a “ticket” which includes at least the final hash(e.g., H4), a content identification, and an optional key. The key may,for example, be signed by a content publishing server using a public keysignature method such as, by way of example but not limitation, RSA. Ina non-limiting embodiment, the ticket may include other rightsmanagement data granting rights to the content and a signature byanother licensing server. The header may further include ancillary datastructures to help validate the signatures, such as a chain ofcertificates, revocation lists, etc. Rights management licenses may beused in conjunction with other rights management licenses delivered byalternate means, to reduce or extend the rights applicable to thecontent.

Following the header, the hash blocks 310, 312, 314 and the 31 1 KB datablocks 304 may be interleaved. In the example of FIG. 3, one block is 32KB, and the first 1 KB block is reserved as the hash block 302. In anembodiment, the hash block 302 may include all authentication dataneeded to validate the 31 1 KB data blocks 304, assuming the header ispreloaded. The 31 1 KB data blocks 304 may include content. Anyapplicable known or convenient hash algorithm may be used. For example,SHA1, where the hash size is 20 bytes, would suffice.

In an embodiment, all data blocks are encrypted (e.g., using AESencryption) to ensure copy protection of the content. In an alternativeembodiment, some of the data blocks may not be encrypted. In anon-limiting embodiment, data is decrypted starting from the hash block302. Any known or convenient technique may be used to decrypt thehashes. For example, a constant known value may be chosen to decrypt thebeginning of the hash block 302, and a portion of the H2 hashes may beused as a value for the data block decryption. The decryption key may beobtained as a byproduct of a ticket validation procedure (see, e.g.,FIG. 5).

FIG. 4 depicts a computer system 400 suitable for implementation of thetechniques described above with reference to FIGS. 1-3. The computersystem 400 includes a computer 402, I/O devices 404, and a displaydevice 406. The computer 402 includes a processor 408, a communicationsinterface 410, memory 412, display controller 414, non-volatile storage416, and I/O controller 418. The computer 402 may be coupled to orinclude the I/O devices 404 and display device 406.

The computer 402 interfaces to external systems through thecommunications interface 410, which may include a modem or networkinterface. The communications interface 410 can be considered to be partof the computer system 400 or a part of the computer 402. Thecommunications interface 410 can be an analog modem, ISDN modem, cablemodem, token ring interface, satellite transmission interface (e.g.“direct PC”), or other interfaces for coupling a computer system toother computer systems. Although conventional computers typicallyinclude a communications interface of some type, it is possible tocreate a computer that does not include one, thereby making thecommunications interface 410 optional in the strictest sense of theword.

The processor 408 may include, by way of example but not limitation, aconventional microprocessor such as an Intel Pentium microprocessor orMotorola power PC microprocessor. While the processor 408 is a criticalcomponent of all conventional computers, any applicable known orconvenient processor could be used for the purposes of implementing thetechniques described herein. The memory 412 is coupled to the processor408 by a bus 420. The memory 412, which may be referred to as “primarymemory,” can include Dynamic Random Access Memory (DRAM) and can alsoinclude Static RAM (SRAM). The bus 220 couples the processor 408 to thememory 412, and also to the non-volatile storage 416, to the displaycontroller 414, and to the I/O controller 418.

The I/O devices 404 can include a keyboard, disk drives, printers, ascanner, and other input and output devices, including a mouse or otherpointing device. For illustrative purposes, at least one of the I/Odevices is assumed to be a block-based media device, such as a DVDplayer. The display controller 414 may control, in a known or convenientmanner, a display on the display device 406, which can be, for example,a cathode ray tube (CRT) or liquid crystal display (LCD).

The display controller 414 and I/O controller 418 may include devicedrivers. A device driver is a specific type of computer softwaredeveloped to allow interaction with hardware devices. Typically thisconstitutes an interface for communicating with the device, through abus or communications subsystem that the hardware is connected to,providing commands to and/or receiving data from the device, and on theother end, the requisite interfaces to the OS and software applications.

The device driver may include a hardware-dependent computer program thatis also OS-specific. The computer program enables another program,typically an OS or applications software package or computer programrunning under the OS kernel, to interact transparently with a hardwaredevice, and usually provides the requisite interrupt handling necessaryfor any necessary asynchronous time-dependent hardware interfacingneeds.

The non-volatile storage 416, which may be referred to as “secondarymemory,” is often a magnetic hard disk, an optical disk, or another formof storage for large amounts of data. Some of this data is oftenwritten, by a direct memory access process, into memory 412 duringexecution of software in the computer 402. The non-volatile storage 416may include a block-based media device. The terms “machine-readablemedium” or “computer-readable medium” include any known or convenientstorage device that is accessible by the processor 408 and alsoencompasses a carrier wave that encodes a data signal.

The computer system 400 is one example of many possible computer systemswhich have different architectures. For example, personal computersbased on an Intel microprocessor often have multiple buses, one of whichcan be an I/O bus for the peripherals and one that directly connects theprocessor 408 and the memory 412 (often referred to as a memory bus).The buses are connected together through bridge components that performany necessary translation due to differing bus protocols.

Network computers are another type of computer system that can be usedin conjunction with the teachings provided herein. Network computers donot usually include a hard disk or other mass storage, and theexecutable programs are loaded from a network connection into the memory412 for execution by the processor 408. A Web TV system, which is knownin the art, is also considered to be a computer system, but it may lacksome of the features shown in FIG. 4, such as certain input or outputdevices. A typical computer system will usually include at least aprocessor, memory, and a bus coupling the memory to the processor.

The computer system 400 may be controlled by an operating system (OS).An OS is a software program-used on most, but not all, computersystems—that manages the hardware and software resources of a computer.Typically, the OS performs basic tasks such as controlling andallocating memory, prioritizing system requests, controlling input andoutput devices, facilitating networking, and managing files. Examples ofoperating systems for personal computers include Microsoft Windows®,Linux, and Mac OS®. Delineating between the OS and application softwareis sometimes rather difficult. Fortunately, delineation is not necessaryto understand the techniques described herein, since any reasonabledelineation should suffice.

The lowest level of an OS may be its kernel. The kernel is typically thefirst layer of software loaded into memory when a system boots or startsup. The kernel provides access to various common core services to othersystem and application programs.

As used herein, algorithmic descriptions and symbolic representations ofoperations on data bits within a computer memory are believed to mosteffectively convey the techniques to others skilled in the art. Analgorithm is here, and generally, conceived to be a self-consistentsequence of operations leading to a desired result. The operations arethose requiring physical manipulations of physical quantities. Usually,though not necessarily, these quantities take the form of electrical ormagnetic signals capable of being stored, transferred, combined,compared, and otherwise manipulated. It has proven convenient at times,principally for reasons of common usage, to refer to these signals asbits, values, elements, symbols, characters, terms, numbers, or thelike.

It should be borne in mind, however, that all of these and similar termsare to be associated with the appropriate physical quantities and aremerely convenient labels applied to these quantities. Unlessspecifically stated otherwise as apparent from the following discussion,it is appreciated that throughout the description, discussions utilizingterms such as “processing” or “computing” or “calculating” or“determining” or “displaying” or the like, refer to the action andprocesses of a computer that manipulates and transforms data representedas physical (electronic) quantities within the computer system'sregisters and memories into other data similarly represented as physicalquantities within the computer system memories or registers or othersuch information storage, transmission or display devices.

An apparatus for performing techniques described herein may be speciallyconstructed for the required purposes, or it may comprise a generalpurpose computer selectively activated or reconfigured by a computerprogram stored in the computer. Such a computer program may be stored ina computer readable storage medium, such as, by way of example but notlimitation, read-only memories (ROMs), RAMs, EPROMs, EEPROMs, magneticor optical cards, any type of disk including floppy disks, opticaldisks, CD-ROMs, DVDs, and magnetic-optical disks, or any known orconvenient type of media suitable for storing electronic instructions.

The algorithms and displays presented herein are not inherently relatedto any particular computer architecture. The techniques may beimplemented using any known or convenient programming language, whetherhigh level (e.g., C/C++) or low level (e.g., assembly language), andwhether interpreted (e.g., Perl), compiled (e.g., C/C++), orJust-In-Time (JIT) compiled from bytecode (e.g., Java). Any known orconvenient computer, regardless of architecture, should be capable ofexecuting machine code compiled or otherwise assembled from any languageinto machine code that is compatible with the computer's architecture.

FIG. 5 depicts an example of a secure system 500 suitable forimplementation of the techniques described above with reference to FIGS.1-3. A typical secure system 500 may include a game console, mediaplayer, an embedded secure device, a “conventional” PC with a secureprocessor, or some other computer system that includes a secureprocessor.

In the example of FIG. 5, the secure system 500 includes a secureprocessor 502, an OS 504, a block-based media driver 506, a block-basedmedia device 508, protected memory 510, and ticket services 512. In theexample of FIG. 5, the OS 504 includes a security kernel 514, which inturn includes a key store 516 and a security API 518. It should be notedthat one or more of the described components, or portions thereof, mayreside in the protected memory 510, or in unprotected memory (notshown). It should further be noted that the security kernel 514 isdepicted as residing inside the OS 504 by convention only. It may or maynot actually be part of the OS 504, and could exist outside of an OS oron a system that does not include an OS. For the purposes ofillustrative simplicity, it is assumed that the OS 504 is capable ofauthentication.

For illustrative simplicity, protected memory is represented as a singlememory. However protected memory may include protected primary memory,protected secondary memory, and/or secret memory. It is assumed thatknown or convenient mechanisms are in place to ensure that memory isprotected. The interplay between primary and secondary memory and/orvolatile and non-volatile storage is known so a distinction between thevarious types of memory and storage is not drawn with reference to FIG.5.

The ticket services 512 may be thought of as “digital license validationservices” and, in a non-limiting embodiment, may include known orconvenient procedures associated with license validation. For example,the ticket services 512 may include procedures for validating digitallicenses, PKI validation procedures, etc. In the example of FIG. 5, theticket services 512 can validate a ticket on the block-based mediadevice 508. In operation, the block-based media driver 506 obtains theticket from the block-based media device 508. The block-based mediadriver 506 then provides the ticket to the ticket services 512, whichproceeds to validate the ticket. If the ticket is valid, the block-basedmedia driver 506 is permitted to decrypt blocks associated with theticket.

In an embodiment, the security kernel 514 may be loaded at start-up. Inanother embodiment, a portion of the security kernel may be loaded atstart-up, and the remainder loaded later. An example of this techniqueis described in application Ser. No. 10/360,827 entitled “Secure andBackward-Compatible Processor and Secure Software Execution Thereon”filed on Feb. 7, 2003 by Srinivasan et al., which is incorporated byreference. Any known or convenient technique may be used to load thesecurity kernel 514 in a secure manner.

The key store 516 is a set of locations for keys. The key store 516 maybe thought of as an array of keys, though the data structure used tostore the keys is not critical. Any applicable known or convenientstructure may be used to store the keys. In a non-limiting embodiment,the key store 516 is initialized with static keys, but variable keys arenot initialized (or are initialized to a value that is not secure). Forexample, some of the key store locations are pre-filled with trustedvalues (e.g., a trusted root key), with the remaining extra index slotsleft unused.

The security API 518 is capable of performing operations using the keysin the key store 516 without bringing the keys out into the clear (i.e.,the keys do not leave the security kernel 514). The security API 518 mayinclude services to create, populate and use keys (and potentially othersecurity material) in the key store 516. In an embodiment, the securityAPI 518 also provides access to internal secrets and non-volatile data,including secret keys and device private key. Depending upon theimplementation, the security API 518 may support AES and SHA operationsusing hardware acceleration.

In an embodiment, some operations performed by the security API 518include encryption and decryption. For example, in operation, anapplication may request of the security API 518 a key handle that theapplication can use for encryption, then request that the API 518encrypt data using the key handle. Advantageously, the API 518 providesthe key handle in the clear, but the key itself never leaves thesecurity kernel 514.

In the example of FIG. 5, the block-based media driver 506 may beconfigured to perform the following security operations while readingfrom the block-based media device 508:

1) Decrypt the media device 508 using a secret key, and

2) Authenticate content on the media device 508 using authenticationdata on the media device 508. (Read fails if the authentication fails.)

In the example of FIG. 5, to perform these security operations, theblock-based media driver 506 may make use of other secure services inthe system 500, such as the ticket services 512 and the security API518. In an embodiment, each of these modules executes in a separateexecution space for system security. In order to validate data blocks,the block-based media driver 506 reads a data block header, and uses theticket services 512 to validate the ticket using data in the header. Tosupport the decryption of the blocks, the ticket may include anencrypted key. The ticket services 512 decrypts the key using servicesin the security kernel 514.

In an embodiment, the security kernel 514 uses secret common keys fromthe key store 518 to perform this decryption. In another embodiment, theticket services 512 could use a device personalized ticket obtained fromflash or network (not shown), validate some rights to content, and thenreturn the key. In any case, this process returns to the block-basedmedia driver 506 a reference to a key for use in decrypting blocks. Thiskey reference is used by the block-based media driver 506 to makesubsequent calls to the security kernel 514 to decrypt blocks associatedwith the key.

After decryption, the block-based media driver 506 makes calls to thesecurity API 516 (or some other interface to a hash computation engine)to validate a hierarchical hash tree associated with the ticket. (See,e.g., FIG. 3.) The security API 516 validates the root hash against theone in the ticket. Assuming validation is successful, the contentassociated with the ticket is made available for use.

An example of data flow in the system 500 is provided for illustrativepurposes as arrows 520-536. Receiving the block header at theblock-based media driver 506 is represented by a data block header arrow520 from the block-based media device 508 to the block-based mediadriver 506. Sending data from the data block header, including a ticket,to the ticket services 512 is represented by an authentication dataarrow 522. The ticket may include an encrypted key. Sending a request tothe security API 516 to decrypt the key is represented as a keydecryption request arrow 524. Returning a reference to the decryptedkey, now stored in the key store 518, is represented by a reference tokey arrow 526. After a successful validation of the ticket, the ticketservices will send ticket validation data to the block-based mediadriver 506, including a reference to a key that the driver can use todecrypt blocks. The data sent from the ticket services 512 to theblock-based media driver 506 is represented as a ticket validation arrow528. A data block access arrow 530 represents reading blocks from theblock-based media device 508 by the block-based media driver 506. Thedata access may or may not occur concurrently with the receipt of theheader (520). The accessed blocks are decrypted using the ticketvalidation data (528) and a block decryption request arrow 532represents the request. A hash tree validation arrow 534 represents asubsequent validation of the content of a block.

In an alternative embodiment, values of portions of a hierarchical hashtree could be hashed for future reference. This could save some hashcomputation time.

FIGS. 6A and 6B depict a flowchart 600 of an example of a method forsecure block-based media access. In the example of FIG. 6A, theflowchart 600 begins at module 602 where a block-based media header isread. In the example of FIG. 6A, the flowchart 600 continues to module604 where a ticket is validated and a reference to a decryption key isobtained.

In the example of FIG. 6A, the flowchart 600 continues to decision point606 where it is determined whether the ticket is valid. If it isdetermined that the ticket is not valid (606-N), the process aborts andthe flowchart 600 ends. If, on the other hand, it is determined that theticket is valid (606-Y), the flowchart 600 continues to module 608 wherea hash of H3 hashes are compared with the root hash value in the ticket.The comparison may be performed, for example, by security services.

In the example of FIG. 6A, the flowchart 600 continues to decision point610 where it is determined whether the ticket is valid. If thecomparison (608) is a match, it is assumed the ticket is valid. If it isdetermined that the ticket is not valid (610-N), the process aborts andthe flowchart 600 ends. If, on the other hand, it is determined that theticket is valid (610-Y), the flowchart 600 continues to module 612 wherean H3 hash value of the set of H3 hashes is stored; and then a readrequest is awaited. The H3 hash value may be stored, for example, insecure DRAM.

In the example of FIG. 6A, the flowchart 600 continues to module 614where a reference to a key to decrypt content is obtained. The referenceto the key to decrypt content may be obtained, for example, by making acall to ticket services (with header information) to obtain thereference. In the example of FIG. 6A, the flowchart 600 continues tomodule 616 where a hash sub-block and a data sub-block of a read requestare located. In the example of FIG. 6A, the flowchart 600 continues tomodule 618 where the hash sub-block and the data sub-block aredecrypted. In the example of FIG. 6B, the flowchart 600 continues tomodule 620 where a hash of the data sub-block is calculated.

In the example of FIG. 6B, the flowchart 600 continues to module 622where the hash of the data sub-block is compared against a correspondingH0 hash value in the set of H0 hashes. (See, e.g., FIG. 3.) In theexample of FIG. 6B, the flowchart 600 continues to decision point 624where it is determined whether the comparison yields a valid result. Ifit is determined that the result is not valid (624-N), then theflowchart 600 aborts the read request from the block-based media device.If, on the other hand, it is determined that the result is valid(624-Y), then the flowchart 600 continues to module 626 where a hash ofthe set of H0 hashes, including the H0 hash value, is calculated.

In the example of FIG. 6B, the flowchart 600 continues to module 628where the hash of the set of H0 hashes is compared against acorresponding H1 hash value in the set of H1 hashes. (See, e.g., FIG.3.) In the example of FIG. 6B, the flowchart 600 continues to decisionpoint 630 where it is determined whether the comparison yields a validresult. If it is determined that the result is not valid (630-N), thenthe flowchart 600 aborts the read request from the block-based mediadevice. If, on the other hand, it is determined that the result is valid(630-Y), then the flowchart 600 continues to module 632 where a hash ofthe set of H1 hashes, including the H1 hash value, is calculated.

In the example of FIG. 6B, the flowchart 600 continues to module 634where the hash of the set of H1 hashes is compared against acorresponding H2 hash value in the set of H2 hashes. (See, e.g., FIG.3.) In the example of FIG. 6B, the flowchart 600 continues to decisionpoint 636 where it is determined whether the comparison yields a validresult. If it is determined that the result is not valid (636-N), thenthe flowchart 600 aborts the read request from the block-based mediadevice. If, on the other hand, it is determined that the result is valid(636-Y), then the flowchart 600 continues to module 638 where a hash ofthe set of H2 hashes, including the H2 hash value, is calculated.

In the example of FIG. 6B, the flowchart 600 continues to module 640where the hash of the set of H2 hashes is compared against thecorresponding stored H3 hash value (612). (See, e.g., FIG. 3.) In theexample of FIG. 6B, the flowchart 600 continues to decision point 642where it is determined whether the comparison yields a valid result. Ifit is determined that the result is not valid (642-N), then theflowchart 600 aborts the read request from the block-based media device.If, on the other hand, it is determined that the result is valid(642-Y), then the flowchart 600 continues to module 644 where the blockread request is fulfilled.

As used herein, the term “content” is intended to broadly include anydata that can be stored in memory.

As used herein, the term “embodiment” means an embodiment that serves toillustrate by way of example but not limitation.

It will be appreciated to those skilled in the art that the precedingexamples and embodiments are exemplary and not limiting to the scope ofthe present invention. It is intended that all permutations,enhancements, equivalents, and improvements thereto that are apparent tothose skilled in the art upon a reading of the specification and a studyof the drawings are included within the true spirit and scope of thepresent invention. It is therefore intended that the following appendedclaims include all such modifications, permutations and equivalents asfall within the true spirit and scope of the present invention.

1. A method comprising: accessing a header including a data structureand a set of hash values; obtaining from the data structure a first roothash of a hierarchical hash tree; computing a second root hash from theset of hash values; comparing the first root hash to the second roothash; if the first root hash and the second root hash match, obtainingan encrypted key from the data structure; securely decrypting theencrypted key; securely storing the key such that the key is not passedin the clear; providing a reference to the key; decrypting a data blockwith the reference to the key; loading authentication data from asub-block associated with the data block; identifying, in theauthentication data, a first set of hash values associated with a firstlevel of the hierarchical hash tree; computing a cryptographic hash ofthe data block to determine a first hash value; comparing the first hashvalue to a corresponding value in the first set of hash values;rejecting a block data request if the first hash value and thecorresponding value in the first set of hash values do not match.
 2. Themethod of claim 1, wherein the data structure is public key signed. 3.The method of claim 1, further comprising authenticating the datastructure.
 4. The method of claim 1, further comprising securely storingthe set of hash values included in the header.
 5. The method of claim 1,further comprising caching the hierarchical hash tree.
 6. The method ofclaim 1, further comprising rejecting the header if the first root hashand the second root hash do not match.
 7. The method of claim 1, furthercomprising validating a rights management ticket from a source otherthan the header.
 8. The method of claim 1, wherein the reference to thekey is provided in the clear.
 9. The method of claim 1, whereindecrypting a data block with the reference to the key further comprises:providing the reference to the key to a secure decryption engine;decrypting the data block such that the key is not passed in the clear.10. The method of claim 1, further comprising decrypting at least aportion of the sub-block.
 11. The method of claim 1, further comprising,in each hash block: inserting a calculated hash in an appropriatelocation; computing the hash of the hash block.
 12. The method of claim1, if the first hash value matches the corresponding value in the firstset of hash values, further comprising: computing a second hash valuecorresponding to the first set of hash values; identifying, in theauthentication data, a second set of hash values associated with asecond level of the hierarchical hash tree; comparing the second hashvalue to a corresponding value in the second set of hash values;rejecting the block data request if the second hash value and thecorresponding value in the second set of hash values do not match. 13.The method of claim 12, if the second hash value matches thecorresponding value in the second set of hash values, furthercomprising: computing a third hash value corresponding to the second setof hash values; identifying, in the authentication data, a third set ofhash values associated with a third level of the hierarchical hash tree;comparing the third hash value to a corresponding value in the third setof hash values; rejecting the block data request if the third hash valueand the corresponding value in the third set of hash values do notmatch.
 14. The method of claim 13, if the third hash value matches thecorresponding value in the third set of hash values, wherein the set ofhash values of the header are a fourth set of hash values, and whereinthe fourth set of hash values are associated with a fourth level of thehierarchical hash tree, further comprising: computing a fourth hashvalue corresponding to the third set of hash values; providing a fourthset of hash values associated with a fourth level of the hierarchicalhash tree; comparing the fourth hash value to a corresponding value inthe fourth set of hash values; rejecting the block data request if thefourth hash value and the corresponding value in the fourth set of hashvalues do not match; returning the data block if the fourth hash valueand the corresponding value in the fourth set of hash values match. 15.A system comprising: a block-based media driver coupled to a securityAPI, wherein, in operation, the block-based media driver accesses aheader associated with a block-based media device and extractsauthentication data from the header; ticket services coupled to theblock-based media driver and the security API, wherein, in operation,the ticket services receive the authentication data from the block-basedmedia driver and send a key decryption request to the security API; asecurity kernel including the security API, an encryption/decryptionengine, and a key store accessible to the security API, wherein, inoperation, the encryption/decryption engine decrypts the key, the key isstored in the key store, and the security API returns a reference to thekey to the ticket services; wherein, in operation, the ticket servicesvalidates the authentication data and returns the reference to the keyto the block-based media driver; wherein, in operation, the block-basedmedia driver accesses data blocks of the block-based media device, sendsa block decryption request to the security API, and the security kerneldecrypts the blocks and validates a hierarchical hash tree associatedwith the data blocks.
 16. The system of claim 15, further comprising theblock-based media device, wherein the header associated with theblock-based media device includes a root hash value and a plurality ofroot-child hash values.
 17. The system of claim 15, further comprisingthe block-based media device, wherein the data blocks each include ahash sub-block and a plurality of content data blocks.
 18. A systemhaving a means for secure content delivery with block-based media,comprising: a secure key store means; a means for accessing an encryptedkey from a header of a block-based media device; a means for securelydecrypting the encrypted key; a means for securely storing the key inthe key store; a means for referencing the key to securely decrypt datablocks of the block-based media device; a means for providing hashvalues in association with the block-based media device and each datablock of the block-based media device.
 19. The system of claim 18,further comprising a means for aborting block-based media device accessif hash values in the header are rejected.
 20. The system of claim 18,further comprising a means for aborting data block access if hash valuesin the data block are rejected.
 21. A method comprising: accessing aheader including a data structure and a set of hash values; obtainingfrom the data structure a first root hash of a hierarchical hash tree;computing a second root hash from the set of hash values; comparing thefirst root hash to the second root hash; if the first root hash and thesecond root has match, obtaining an encrypted key from the datastructure; securely decrypting the encrypted key; securely storing thekey such that the key is not passed in the clear; providing a referenceto the key; loading authentication data from a sub-block associated withan encrypted data block; identifying, in the authentication data, afirst set of hash values associated with a first level of thehierarchical hash tree; computing a cryptographic hash of the encrypteddata block to determine a first hash value; comparing the first hashvalue to a corresponding value in the first set of hash values;rejecting a block data request if the first hash value and thecorresponding value in the first set of hash values do not match;decrypting the encrypted data block with the reference to the key.